Lets Encrypt certificate does not generate for pop.domain.com & smtp.domain.com

mariusslo

Hi there, I am having some issues when trying to generate new SSL certificates for a domain, but it seems that it does not generate for pop.domain.com and smtp.domain.com. I followed the guide here https://help.directadmin.com/item.php?id=646 and if I type in domain.com/.well-known/acme-challenge/test.txt I can see the outcome, but if I go to pop.domain.com/.well-known/acme-challenge/test.txt I get a Server Not Found response. Unfortunately the steps do not say what to do next, can someone please help out?
 
Right out of my notebook (this is for mail.domain.com)
--> check: secure_access_group=access should be enabled in the directadmin.conf.

INSTALL
Code:
cd /usr/local/directadmin
echo mail_sni=1 >> conf/directadmin.conf
service directadmin restart
cd custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
./build exim_conf
./build dovecot_conf
Code:
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d800
TASK QUEUE
If you want to tell all live SSL domains to have their dovecot configs written, type;
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
or
echo "action=rewrite&value=mail_sni&domain=domain.com" >> /usr/local/directadmin/data/task.queue
this will recreate the sni/domain.com.conf for each SSL domain, plus one for the system hostname.
 
pop.domain.com and smtp.domain.com
Look here

in short, you need A records in DNS and add them to letsencrypt list.

Also here just in case you missed something
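
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts: for each hostname it reports whether an A record exists, whether it points at this server, and whether the `test.txt` challenge file from the first post is served over HTTP. The script name, the default prefixes and the use of `getent` and `curl` are assumptions.

```bash
#!/bin/bash
# Added example: pre-flight check for Let's Encrypt HTTP-01 validation of mail
# hostnames. Assumes getent and curl are installed and that test.txt already
# exists in the domain's .well-known/acme-challenge/ directory.

# Print the first IPv4 address the system resolver returns for a name, or nothing.
resolve_a() {
    getent ahostsv4 "$1" | awk '{ print $1; exit }'
}

# Print the HTTP status for the challenge test file; 000 means no connection.
fetch_status() {
    curl -s -o /dev/null -m 10 -w '%{http_code}' \
        "http://$1/.well-known/acme-challenge/test.txt" || true
}

# check_host HOSTNAME SERVER_IP -> prints one verdict word
check_host() {
    local host=$1 server_ip=$2 ip status
    ip=$(resolve_a "$host")
    if [ -z "$ip" ]; then
        echo "NO_A_RECORD"      # what a browser reports as "Server Not Found"
        return
    fi
    if [ "$ip" != "$server_ip" ]; then
        echo "WRONG_IP:$ip"     # the record points at another machine
        return
    fi
    status=$(fetch_status "$host")
    if [ "$status" = "200" ]; then
        echo "OK"
    else
        echo "HTTP_$status"     # DNS is fine, but the file is not served here
    fi
}

# Usage (hypothetical script name): ./le-preflight.sh SERVER_IP domain.com [prefix ...]
if [ "$#" -ge 2 ]; then
    server_ip=$1; domain=$2; shift 2
    [ "$#" -eq 0 ] && set -- mail pop smtp imap   # assumed default prefixes
    printf '%-30s %s\n' "$domain" "$(check_host "$domain" "$server_ip")"
    for prefix in "$@"; do
        name="$prefix.$domain"
        printf '%-30s %s\n' "$name" "$(check_host "$name" "$server_ip")"
    done
fi
```

Any hostname that does not report `OK` will fail validation if it is included in the certificate request, so fix its DNS record or web server alias before ticking it in the Let's Encrypt list.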

 

Hi there, I followed your shared thread and I do have A DNS record for all imap/pop & so on. I have checked all SSL check boxes on the user side, but it still does not generate the certificate giving the same .well-known error. Also after following the thread it seems that I can no longer generate the certificates for the domains that were working well. It shows that the certificates were generated successfully, but the check marks are not visible from the UI.
 
OK, after you did that, did you run

Code:
service directadmin restart
 
Sorry for my late reply. I had a discussion with my computer but I finally won it. :)

However, I'm sorry at this point. Since things were working before, I presume all settings must have been fine.
Maybe it's the GUI.

You can check this by using this script, it's not mine, but very useful to see what exactly is enabled and for which domains.
It's called letsencrypt-show-domains.sh but of course you can use any name you like:
Code:
#!/bin/bash
# Lists every domain that has a Let's Encrypt certificate in DirectAdmin,
# with its SAN entries, creation date and days until renewal (60 days).

ledomains=0

# Use a glob rather than parsing `ls` output; an unmatched pattern simply
# fails the -e tests below and is skipped.
for san in /usr/local/directadmin/data/users/*/domains/*.san_config;
do
    domain=$(basename "${san}");
    dirname=$(dirname "${san}");
    domain=${domain%.san_config};
    # Only report domains that have a certificate, a key and a creation timestamp.
    if [ -e "${dirname}/${domain}.cert.creation_time" ] && [ -e "${dirname}/${domain}.cert" ] && [ -e "${dirname}/${domain}.key" ];
    then
        ledomains=$((ledomains + 1));

        sanconfig=$(grep "subjectAltName" "${dirname}/${domain}.san_config");
        created=$(cat "${dirname}/${domain}.cert.creation_time");
        created_date=$(LC_ALL=en_US.utf8 date -d "@$created");
        renewal_date=$(LC_ALL=en_US.utf8 date -d "$created_date+60 days");
        # 5184000 seconds = 60 days; 86400 seconds = 1 day
        renewal_days=$(( (created + 5184000 - $(date +%s)) / 86400 ))

        echo "Lets Encrypt domain: $domain";
        echo "$sanconfig";
        echo "-- Created: $created_date - $created";
        echo "-- Renewal: $renewal_date";
        echo "-- Renewal in $renewal_days days.";
        echo "";

    fi;
done;

echo "";
echo "Lets Encrypt domains: $ledomains";
echo "";

# The certificate for the server hostname is stored separately from the user domains.
if [ -e "/usr/local/directadmin/conf/cacert.pem.creation_time" ];
then

    sanconfig=$(grep "subjectAltName" /usr/local/directadmin/conf/ca.san_config);
    created=$(cat /usr/local/directadmin/conf/cacert.pem.creation_time);
    created_date=$(LC_ALL=en_US.utf8 date -d "@$created");
    renewal_date=$(LC_ALL=en_US.utf8 date -d "$created_date+60 days");
    renewal_days=$(( (created + 5184000 - $(date +%s)) / 86400 ))

    echo "Lets Encrypt Hostname";
    echo "$sanconfig";
    echo "-- Created: $created_date - $created";
    echo "-- Renewal: $renewal_date";
    echo "-- Renewal in $renewal_days days.";
    echo "";

fi;

exit 0;
 